From 5bbd3c61581cac89741fdc65b8786078610afd75 Mon Sep 17 00:00:00 2001
From: Matthias
Date: Sat, 25 May 2019 14:16:59 +0200
Subject: [PATCH] Add documentation

---
 docs/rest-api.md | 9 +++++++--
 freqtrade/rpc/api_server.py | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/docs/rest-api.md b/docs/rest-api.md
index 95eec3020..535163da4 100644
--- a/docs/rest-api.md
+++ b/docs/rest-api.md
@@ -10,12 +10,17 @@ Sample configuration:
 "api_server": {
 "enabled": true,
 "listen_ip_address": "127.0.0.1",
- "listen_port": 8080
+ "listen_port": 8080,
+ "username": "Freqtrader",
+ "password": "SuperSecret1!"
 },
 ```
 !!! Danger: Security warning
- By default, the configuration listens on localhost only (so it's not reachable from other systems). We strongly recommend to not expose this API to the internet, since others will potentially be able to control your bot.
+ By default, the configuration listens on localhost only (so it's not reachable from other systems). We strongly recommend to not expose this API to the internet and choose a strong, unique password, since others will potentially be able to control your bot.
+
+!!! Danger: Password selection
+ Please make sure to select a very strong, unique password to protect your bot from unauthorized access.
 You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly.
diff --git a/freqtrade/rpc/api_server.py b/freqtrade/rpc/api_server.py
index 5e76e148c..d2001e91a 100644
--- a/freqtrade/rpc/api_server.py
+++ b/freqtrade/rpc/api_server.py
@@ -56,7 +56,7 @@ class ApiServer(RPC):
 def require_login(func):
 def func_wrapper(self, *args, **kwargs):
- # Also works if no username/password is specified
+ # Also accepts empty username/password if it's missing in both config and request
 if (request.headers.get('username') == self._config['api_server'].get('username') and request.headers.get('password') == self._config['api_server'].get('password')):